Attack and Penetration

Overview

An ethical hacking exercise can result in a simulation of a real life attack if it is designed and executed carefully, based on real life experiences and understanding.  This can help organisations identify weaknesses in their systems of security controls at the same time as confirming or denying specific assumptions that may be held by management in relation to the completeness and/or robustness of existing controls.

Before commissioning an assignment of this type, organisations need to appreciate that by their nature, penetration exercises exhibit specific differences as well as similarities to real life attempts by unauthorised individuals (e.g. hackers) to perform unwanted and/or unauthorised activities against organisations’ systems, networks and applications.  In this respect, it is crucial that you work with your security consultant to assist you in understanding such differences and limitations in order that the appropriate level of expectations is set and that deliverables match the intended purpose.

Key Benefits

•  3^rd party attestation of the robustness of technical controls which may be in place to control and restrict access to organisation’s internal network and systems from an external source

•  Independent challenge of the assumptions that the organisation has in relation to its detection and prevention capability and the effectiveness of the monitoring strategies and tools that are in place

•  Identification of technical vulnerabilities that may be present in the technology infrastructure of the business and prioritization of required actions to address such shortcomings